Endpoint Protection

Does your company allow a large share of your users to have local administrative privileges on their Windows computers? If yes, vote “Thumbs up.”  If no, vote “Thumbs down.” In the comments, we'd love to hear the total number of users and/or the % of users in your organization that have local admin privliges.


Thanks!

Every one have admin right but there deep freeze install on maybe 25% to 30% of the computers.

It all depends on their function within the company.  Our programmers and engineers are allowed local administrator access, because they frequently use new tools.  Accountants, administration, and the like, do not.  They do not require dynamic environments, so we do not even give them the option.

Unfortunately, yes

about 35% had it and from an audit we stripped them of the rights and now under 10% of the entire organization have local admin

No way. In fact our helpdesk isn't even full admins, they have to use a special account for that.
Only the network admins have such rights.
our developers have the rights they need to specific servers and places.
It's simply too risky............. accidents happen, plus most "risks" run with the privilages of the local user.............giving them full admin rights allows them to circumvent security, lock registry entries to prevent things from running - or allowing things to run, installing software and hardware not allowed, etc.

"Our users can't work at full capacity without it" and "If they needed software installed, they would need to be logged off and logged back on with admin creds" are the two responses I get when I constantly beat the drum to remove local admin rights from our users. Helloooooo, ever heard of using 'RunAs!!!!" But, still the fight goes on.....

Very few users have admin rights.   The only users that do have are those that are very tech savy and are remote alot of the time.    I am looking into ways to even take that away from them with some software by Beyondtrust called Privilage Manager.

Retail, hospitals, banks, even government you can get by without admin rights. But if you work with creative user group or engineers you either give out admin rights or have EVERYTHING packaged up in your LANDesk or Altiris and I mean everything.

We have over 15,000 users, of which roughly only 1071 user have admin rights.  These users are user who do eith development work or support some kind of infrastructure within our company.

I have two remote offices that all have admin rights.
At main office every desktop does not except for one user.
All laptop owners have admin rights, argument is if something shouold go wrong in the field they cant fix it.

Users have no admin right on the local machine, developers are given separated VM sand box without internet and mail for development work.

In my segment of the organization only 1 out of 500 users has admin rights...and it's my boss!